Today I am here to discuss anout the QAZ trojan virus and how to detect it and remove it.Let know what is QAZ trojan?

About the QAZ Trojan:
This new backdoor Trojan allows hackers to access and control an infected system. TROJ_QAZ was initially distributed as “Notepad.exe” but might also appear with different filenames. Once an infected file is executed, TROJ_QAZ modifies the Windows registry so that it becomes active every time Windows is started. TROJ_QAZ also renames the original “notepad.exe” file to “note.com” and then copies itself as “notepad.exe” to the Windows folder. This way, the Trojan is also launched every time a user runs Notepad. TROJ_QAZ also attempts to spread itself to other shared drives on local networks. This Trojan does not mass email itself out to lists in the users address book however.

Type:Worm.Size: 117KBSystems Affected:Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP.
Due to a decrease in submission rate, W32.HLLW.Qaz.A has been downgraded to a level 2 threat.(According to Symantec.com).It is a companion virus that can spread over a network. It also has a "backdoor" that will enable a remote user to connect to and control the computer using port 7597. Because this virus cannot spread to computers outside of the network, it may have originally been sent by email.

QAZ Trojan Manual Removal:
The registry needs to edited to deleted this trojan:

Click START>RUN
Type REGEDIT and hit ENTER key

In the left panel,click the "+" to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
Current Version
Run

Registry Editing for removal

In the right panel, search for any of the registry key that contain the data value ofstartIE=XXXX\Notepad.exe.

In the right window,highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Exit the registry.
Click START,SHUTDOWN. Choose “Restart” and click OK.

Protection From this Virus:Because this virus spreads by using shared folders on networked computers, to ensure that the virus does not re-infect the computer after it has been removed, I suggests sharing with read-only access or using password protection.